aericpp commented on issue #968: https开启双向认证后,SSL Renegotiation功能失效 URL: https://github.com/apache/incubator-brpc/issues/968#issuecomment-554265193 > 看上去像是session没在SSL的cache里,你看下ssl_options.h里的`session_lifetime_s`和`session_cache_size`2个参数,是不是时间过期或者大小问题 最初我也怀疑过是不是这两个参数没有生效,默认的是300s和20480,我也修改过改成20s和20。 修改后,在不开启双向认证的时候,单独用openssl测试sess_in和sess_out,超过20s没有使用的SSL会话确实是会失效,20s内就能正常复用。 而开启双向认证以后,服务端也能够正常的在协商SSL时候返回有效期300s这个数值,但实际reuse时,效果就是无法复用。
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@brpc.apache.org For additional commands, e-mail: dev-h...@brpc.apache.org
